CN102487507B - Method and system for implementing integrity protection - Google Patents

Info

Publication number: CN102487507B
Authority: CN (China)
Application number: CN201010569422.2A
Other versions: CN102487507A (en)
Other languages: Chinese (zh)
Inventor: 邓云
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Legal status: Active
Prior art keywords: integrity protection; radio bearer; data radio; terminal; configuration information
Priority to CN201010569422.2A (CN102487507B)
Priority to EP11844484.3A (EP2528369A4)
Priority to PCT/CN2011/073188 (WO2012071845A1)
Priority to US13/577,430 (US9055442B2)
Publications: CN102487507A; CN102487507B (application granted)

Classifications

    • H04L63/12 Applying verification of the received information (under H04L63/00 Network architectures or network communication protocols for network security)
    • H04W12/106 Packet or message integrity (under H04W12/10 Integrity; H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity)
    • H04W76/19 Connection re-establishment (under H04W76/10 Connection setup; H04W76/00 Connection management)
    • H04W84/047 Public Land Mobile systems, e.g. cellular systems using dedicated repeater stations (under H04W84/042 Public Land Mobile systems, e.g. cellular systems; H04W84/04 Large scale networks; Deep hierarchical networks; H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]; H04W84/00 Network topologies)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and system for implementing integrity protection, comprising: a radio connection re-establishment is completed between a base station and a terminal; the base station carries integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notifies the terminal of it. With the method of the invention, the terminal knows exactly the point in time at which integrity protection is applied and exactly which data packets it is applied to. Because the DRB integrity protection configuration is modified through the first RRC connection reconfiguration signaling after the radio connection re-establishment, there is no need to introduce into RRC signaling a time point for modifying the integrity protection configuration, which reduces the air-interface load.

Description

Method and system for implementing integrity protection
Technical field
The present invention relates to mobile communication systems, and in particular to a method and system for implementing integrity protection.
Background
To meet the growing demand for high-bandwidth, high-speed mobile access, the 3rd Generation Partnership Project (3GPP) introduced the Long Term Evolution-Advanced (LTE-A) standard. As the evolution of the Long Term Evolution (LTE) system, LTE-A retains the core of LTE and on that basis adopts a series of techniques that extend the frequency domain and the spatial domain in order to improve spectrum utilization, increase system capacity, and so on.
Wireless relay (Relay) technology is one of the techniques adopted in LTE-A. It is intended to extend cell coverage, reduce dead zones in communication, balance load, offload traffic from hotspot areas, and save the transmit power of user equipment (UE, User Equipment).
Fig. 1 is a schematic diagram of an existing network structure that uses wireless relay technology. As shown in Fig. 1, new relay nodes (RN, Relay Node) are added between the original base station (Donor-eNB, also called the donor base station) and the UE, and these added RNs connect to the Donor-eNB wirelessly. The radio link between the Donor-eNB and an RN is called the backhaul link and can be denoted as the Un interface; the radio link between an RN and a UE is called the access link. Downlink data first arrives at the Donor-eNB, is passed to the RN, and is then transmitted by the RN to the UE; uplink data travels in the opposite direction.
In its normal operating state, an RN performs relay functions for data transmission between the RN and the base station (Donor-eNB) and between the RN and the UEs it manages. Specifically, between the base station and the RN, the relay functions include obtaining system information, performing measurements and reporting measurement reports, handover, and transmitting data over dedicated control channels and shared channels. When the RN is in its normal operating state, it can also manage the cells it serves and the UEs in those cells. Between the RN and a UE, the relay functions include sending the RN's system information, managing the UE's measurement procedures, managing the UE's handover procedures, and transmitting data between the RN and the UE over control channels and shared channels.
On the backhaul link, the RN accesses the Donor-eNB in the role of an ordinary user equipment. After the network side learns through authentication that the device is a relay node, the Donor-eNB may configure specific parameters for the RN, but it still manages the RN the way it manages an ordinary user equipment. On the backhaul link the RN must follow the protocol specifications for ordinary user equipment. When the RN operates normally, it serves multiple user equipments within its coverage, which are in the connected state or the idle state. When a user equipment within the RN's coverage needs to transmit data, the data must be carried over a data radio bearer (DRB, Data Radio Bearer) established on the backhaul link. To protect user equipment data against malicious attacks, 3GPP agreed to apply integrity protection on the DRBs of the backhaul link. Note that before RNs were introduced into the network, DRBs were not integrity protected; only a ciphering algorithm was applied.
Existing protocols do not yet cover how an integrity protection algorithm is actually applied on the DRBs of the backhaul link. Moreover, once an integrity protection algorithm is applied on backhaul DRBs, a synchronization problem arises in the implementation: when an established DRB without integrity protection is reconfigured into a DRB with integrity protection, from which data packet does integrity protection start? This also remains to be solved. A typical approach is to introduce a switching time point, but that requires a new time-point information element in air-interface signaling and increases the air-interface signaling overhead.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and system for implementing integrity protection that let the terminal know exactly the point in time at which integrity protection is applied and exactly which data packets it is applied to, without directly introducing into RRC signaling a time point for modifying the integrity protection configuration.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
The invention provides a method for implementing integrity protection, comprising:
completing a radio connection re-establishment between a base station and a terminal;
the base station carrying integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notifying the terminal of it.
The integrity protection configuration information is configuration information for modifying the integrity protection of data radio bearers; it comprises a configuration that activates integrity protection of a data radio bearer, and/or a configuration that deletes integrity protection of a data radio bearer.
In the above solution, when the integrity protection configuration information activates integrity protection of one or more data radio bearers, the method further comprises: the terminal obtains, according to the integrity protection algorithm, the key for user-plane integrity protection, and configures the lower layer to apply the integrity protection algorithm and the integrity protection key to the corresponding data radio bearers.
In the above solution, if the terminal already applied integrity protection to other data radio bearers before the radio connection re-establishment, the terminal continues to use the integrity protection key it obtained earlier.
In the above solution, when the integrity protection configuration information deletes integrity protection of one or more data radio bearers, the method further comprises: the terminal configures the lower layer to cancel integrity protection for the corresponding data radio bearers.
In the above solution, if none of the data radio bearers established by the terminal needs integrity protection, the terminal deletes the user-plane integrity protection key it obtained.
In the above solution, the configuration that activates integrity protection of a data radio bearer comprises: setting a newly added "integrity protection enable" information element to enable or activate; the configuration that deletes integrity protection of a data radio bearer comprises: setting the newly added "integrity protection enable" information element to disable or deactivate.
In the above solution, the terminal is a relay node (RN) or a user equipment (UE).
The invention also provides a system for implementing integrity protection, comprising at least a base station and a terminal, wherein:
the base station is configured to complete a radio connection re-establishment with the terminal, and to carry integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notify the terminal of it;
the terminal is configured to complete the radio connection re-establishment with the base station and to obtain the integrity protection configuration information.
As the technical solution above shows, a radio connection re-establishment is completed between the base station and the terminal, and the base station carries integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notifies the terminal of it. With the method of the invention, the terminal knows exactly the point in time at which integrity protection is applied and exactly which data packets it is applied to. Because the DRB integrity protection configuration is modified through the first RRC connection reconfiguration signaling after the radio connection re-establishment, there is no need to introduce into RRC signaling a time point for modifying the integrity protection configuration, which reduces the air-interface load.
Brief description of the drawings
Fig. 1 is a schematic diagram of an existing network structure that uses wireless relay technology;
Fig. 2 is a flow chart of the method for implementing integrity protection according to the present invention;
Fig. 3 is a schematic flow diagram of an embodiment of implementing integrity protection according to the present invention.
Detailed description of the embodiments
Fig. 2 is a flow chart of the method for implementing integrity protection according to the present invention. As shown in Fig. 2, the method comprises:
Step 200: A radio connection re-establishment is completed between the base station and the terminal.
The terminal may be an RN or a UE. The implementation of this step is well known to those skilled in the art and is not described further here.
Step 201: The base station carries integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notifies the terminal of it.
The integrity protection configuration information is configuration information for modifying the integrity protection of data radio bearers; it comprises a configuration that activates integrity protection of a data radio bearer, and/or a configuration that deletes integrity protection of a data radio bearer.
The method of the invention further comprises:
If the integrity protection configuration information activates integrity protection of one or more data radio bearers, the UE or RN obtains, according to the integrity protection algorithm, the key for user-plane integrity protection and immediately configures the lower layer to apply the integrity protection algorithm and key to the corresponding data radio bearers. Further, if the UE or RN already applied integrity protection to other data radio bearers before the radio connection re-establishment, the UE or RN continues to use the integrity protection key obtained earlier.
If the integrity protection configuration information deletes integrity protection of one or more data radio bearers, the UE or RN immediately configures the lower layer to cancel integrity protection for the corresponding data radio bearers. Further, if none of the data radio bearers of the UE or RN needs integrity protection after the radio connection re-establishment, the UE or RN deletes the user-plane integrity protection key it obtained.
With the method of the invention, the terminal knows exactly the point in time at which integrity protection is applied and exactly which data packets it is applied to. Because the DRB integrity protection configuration is modified through the first RRC connection reconfiguration signaling after the radio connection re-establishment, there is no need to introduce into RRC signaling a time point for modifying the integrity protection configuration.
Corresponding to the method of the invention, a system for implementing integrity protection is also provided, comprising at least a base station and a terminal, wherein:
The base station is configured to complete a radio connection re-establishment with the terminal, and to carry integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notify the terminal of it. The integrity protection configuration information is configuration information for modifying the integrity protection of data radio bearers; it comprises a configuration that activates integrity protection of a data radio bearer, and/or a configuration that deletes integrity protection of a data radio bearer.
The terminal is configured to complete the radio connection re-establishment with the base station and to obtain the integrity protection configuration information. The terminal may be an RN or a UE.
When the integrity protection configuration information activates integrity protection of one or more data radio bearers, the terminal is further configured to obtain, according to the integrity protection algorithm, the key for user-plane integrity protection and to immediately configure the lower layer to apply the integrity protection algorithm and key to the corresponding data radio bearers. Further, when the terminal already applied integrity protection to other data radio bearers before the radio connection re-establishment, the terminal is further configured to continue using the integrity protection key obtained earlier.
When the integrity protection configuration information deletes integrity protection of one or more data radio bearers, the terminal immediately configures the lower layer to cancel integrity protection for the corresponding data radio bearers. Further, when none of the terminal's data radio bearers needs integrity protection after the radio connection re-establishment, the terminal is further configured to delete the user-plane integrity protection key it obtained.
The implementation of integrity protection is described in detail below with embodiments for the cases where the terminal is an RN and where it is a UE.
First embodiment: Assume an RN has accessed a cell served by a Donor-eNB and is in its normal operating state. On the backhaul link the Donor-eNB manages the RN as an ordinary user equipment: it adds, modifies or deletes DRB configurations for it; adds, modifies or deletes measurement configurations; sets up or releases semi-persistent scheduling (SPS, Semi-Persistent Scheduling); and configures its MAC layer configuration (MAC-MainConfig), its dedicated physical layer configuration (physicalConfigDedicated), and so on. The Donor-eNB normally performs these functions through RRC connection reconfiguration. The configuration content above may be sent in one configuration message or split across several.
Now assume the donor base station has configured three DRBs for the relay node: DRB1, DRB2 and DRB3. Of these, DRB1 carries S1 and X2 signaling and is configured with an integrity protection algorithm; DRB2 and DRB3 carry the data of the user equipments managed by the relay node and have no integrity protection algorithm configured. Note that the RN can obtain the integrity protection key through existing mechanisms, for example by deriving the DRB integrity protection key from KeNB; the integrity protection key applied on the existing signaling radio bearers (SRB, Signalling Radio Bearer) is also derived from KeNB, and the relay node obtains KeNB through existing techniques when the security configuration is applied. The RN and the core network each calculate KeNB according to a predetermined algorithm and then derive the ciphering key and the integrity protection key from it; KeNB can be regarded as the root of the keys.
The RN must compute the message integrity check code X-MAC (computed MAC-I) for each packet protocol data unit (PDU, Protocol Data Unit) received on DRB1. If the computed X-MAC matches the MAC-I (Message Authentication Code for Integrity) carried in the received packet, the integrity check succeeds; otherwise it fails. Likewise, when the RN sends a packet to the donor base station on DRB1, it must compute the MAC-I for that packet and send it along with the packet so that the donor base station can verify integrity.
Assume the RN detects an error during operation (for example, the RN cannot apply an RRC connection reconfiguration sent by the donor base station, or the RN detects a radio link failure, or the RN detects a random access failure). The RN triggers the radio connection re-establishment procedure, shown in Fig. 3, which comprises:
Step 300: The RN performs cell selection, initiates random access in the selected cell, and sends an RRC connection re-establishment request (RRCConnectionReestablishmentRequest) message to the base station that the cell belongs to. The request may contain the shortMAC-I calculated by the RN, the physical cell identity (PCI, Physical Cell Identifier) of the cell the RN was in when the re-establishment was triggered, and the cell radio network temporary identifier (C-RNTI, Cell Radio Network Temporary Identifier). In the first embodiment, assume the RN still selects the original donor base station for the re-establishment; the RN may select any cell under the original donor base station (subject to the cell selection rules).
Step 301: After receiving the RRC connection re-establishment request message from the RN, the donor base station uses the C-RNTI and PCI carried in the request to look up the corresponding shortMAC-I that it has stored, and compares the stored shortMAC-I with the shortMAC-I carried in the request to determine whether they match:
If they match, the donor base station accepts the RN's RRC connection re-establishment request and sends an RRC connection re-establishment (RRCConnectionReestablishment) message to the RN; if they do not match, the donor base station rejects the RN's RRC connection re-establishment request.
Because the donor base station holds the context information (Context) of this RN, it can verify the RN's authenticity; it decides to accept the re-establishment request and sends RRC connection re-establishment to the RN.
Step 302: After receiving the radio connection re-establishment message from the donor base station, the RN configures the new parameters and sends an RRC connection re-establishment complete (RRCConnectionReestablishmentComplete) message to the donor base station. At this point the RN has completed the re-establishment of the SRB.
Step 303: The donor base station sends an RRC connection reconfiguration (RRCConnectionReconfiguration) message to the RN, containing DRB configuration information, measurement configuration information, and so on.
In this embodiment, assume that after the re-establishment the donor base station modifies the integrity protection configuration of the DRBs: previously only DRB1 applied an integrity protection algorithm, and now the donor base station configures all DRBs to apply one. Through the RRC connection reconfiguration the donor base station indicates that integrity protection is to be activated on all DRBs, for example by setting a newly added information element, such as an integrity protection enable (IntegrityProtectionEnable) information element, to enable (Enable) or activate (Activation).
The donor base station also needs to allocate new air-interface resources to the relay node through the RRC connection reconfiguration so that the relay node can resume the data radio bearers and transmit data. This RRC connection reconfiguration message is the first RRC connection reconfiguration message sent after the RN's re-establishment.
Step 304: After receiving the RRC connection reconfiguration, the RN applies the configuration parameters in it. For the DRBs configured to activate integrity protection (DRB1, DRB2 and DRB3), the RN obtains, according to the integrity protection algorithm, the key K_UPint for user-plane (i.e. DRB) integrity protection, and then immediately configures the lower layer (specifically the Packet Data Convergence Protocol, PDCP) to apply the integrity protection algorithm and key. From then on the RN must apply integrity protection to all data sent or received over these three DRBs; the integrity protection algorithm is configured by the donor base station through RRC signaling.
The RN then returns RRC connection reconfiguration complete (RRCConnectionReconfigurationComplete) to the donor base station.
At this point the RN has completed the re-establishment procedure and can continue to serve the user equipments within its coverage; through the re-establishment procedure the donor base station has modified the integrity protection configuration of the DRBs established by the RN. With the re-establishment procedure of the invention, the RN knows exactly the point in time at which integrity protection is applied and exactly which data packets it is applied to. Because the DRB integrity protection configuration is modified through the re-establishment procedure, there is no need to introduce into RRC signaling a time point for modifying the integrity protection configuration.
In this first embodiment, the donor base station adds integrity protection configuration for two DRBs in the RRC connection reconfiguration after the re-establishment. The embodiment applies equally to the case where the donor base station deletes the integrity protection configuration of DRB1 in the RRC connection reconfiguration after the re-establishment.
The first embodiment applies to the relay node re-establishment procedure. If integrity protection also needs to be applied on the DRBs established by an ordinary user equipment, the embodiment applies equally to ordinary user equipment; the implementation is shown in the second embodiment.
Second embodiment: Assume a UE has accessed a cell served by a base station and is in its normal operating state. The base station has configured three DRBs for the UE: DRB1, DRB2 and DRB3. All three DRBs apply integrity protection. Note that the UE can obtain the integrity protection key through existing mechanisms, for example by deriving the DRB integrity protection key from KeNB; the integrity protection key applied on the existing signaling radio bearers (SRB, Signalling Radio Bearer) is also derived from KeNB, and the user equipment obtains KeNB through existing techniques when the security configuration is applied.
The UE must compute the X-MAC of each packet PDU received on each DRB. If the computed X-MAC matches the MAC-I carried in the received packet, the integrity check succeeds; otherwise it fails. Likewise, when the UE sends a packet to the base station on any DRB, it must compute the MAC-I for that packet and send it along with the packet so that the base station can verify integrity.
Assume the UE detects an error during operation (for example, the UE cannot apply an RRC connection reconfiguration sent by the base station, or the UE detects a radio link failure, or the UE detects a random access failure). The UE triggers the radio connection re-establishment procedure, which comprises:
First, the UE performs cell selection, initiates random access in the selected cell, and sends an RRC connection re-establishment request message to the base station that the cell belongs to. The request contains the shortMAC-I calculated by the UE, the PCI of the cell the UE was in when the re-establishment was triggered, and the C-RNTI. In the second embodiment, assume the UE still selects the original base station for the re-establishment; the UE may select any cell under the original base station (subject to the cell selection rules). Note that the UE may also select a neighbouring base station for the re-establishment, provided that the neighbouring base station holds the context information of this UE.
Then, after receiving the RRC connection re-establishment request message from the UE, the base station uses the C-RNTI and PCI carried in the request to look up the corresponding shortMAC-I that it has stored, and compares the stored shortMAC-I with the shortMAC-I carried in the message to determine whether they match. If they match, the base station accepts the UE's RRC connection re-establishment request and sends an RRC connection re-establishment (RRCConnectionReestablishment) message to the UE; if they do not match, the base station rejects the UE's RRC connection re-establishment request.
Because the base station holds the context information of this UE, it can verify the UE's authenticity (or legitimacy); it decides to accept the re-establishment request and sends RRC connection re-establishment to the UE.
After receiving the radio connection re-establishment message from the base station, the UE configures the new parameters and sends an RRC connection re-establishment complete (RRCConnectionReestablishmentComplete) message to the base station. At this point the UE has completed the re-establishment of the SRB.
Afterwards, the base station sends an RRC connection reconfiguration (RRCConnectionReconfiguration) message to the user equipment, containing DRB configuration information, measurement configuration information, and so on. In this embodiment, assume that after the re-establishment the base station modifies the integrity protection configuration of the DRBs: previously all DRBs applied an integrity protection algorithm, and now the base station deletes the integrity protection configured on all DRBs. Through the RRC connection reconfiguration the base station indicates that integrity protection is not to be activated on any DRB, for example by setting IntegrityProtectionEnable to disable (Disable) or deactivate (Non-activation).
The base station also needs to allocate new air-interface resources to the UE through the RRC connection reconfiguration so that the UE can resume the data radio bearers and transmit data. This RRC connection reconfiguration message is the first RRC connection reconfiguration message the base station sends to the UE after the UE's re-establishment.
Finally, after receiving the RRC connection reconfiguration, the UE applies the configuration parameters in it. Because the integrity protection configuration has been deleted for all DRBs, the UE immediately configures the lower layer (specifically the PDCP layer) to stop applying the integrity protection algorithm and key. The UE also deletes the integrity protection key.
The UE returns RRC connection reconfiguration complete (RRCConnectionReconfigurationComplete) to the base station.
At this point the user equipment has completed the re-establishment procedure and can continue its services.
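Added example (not part of the patent text): a Python model of both ends of the DRBs across the first and second embodiments, showing that the first PDU sent after the bearers resume already follows the new integrity setting, that an existing key is reused, and that the key is deleted once no DRB needs it. HMAC-SHA-256 stands in for the key derivation and the integrity algorithm, and the class and function names, the 4-byte MAC-I, the algorithm id and the sample KeNB are assumptions of this example.

```python
import hashlib
import hmac
from typing import Dict, Optional, Set

MAC_LEN = 4  # bytes of MAC-I appended to a protected PDU (size assumed for this model)


def derive_k_upint(k_enb: bytes, alg_id: int) -> bytes:
    """Stand-in KDF (assumption, not the 3GPP derivation): HMAC-SHA-256 keyed with KeNB."""
    return hmac.new(k_enb, b"UP-int" + bytes([alg_id]), hashlib.sha256).digest()[:16]


def compute_mac(key: bytes, drb: int, count: int, payload: bytes) -> bytes:
    """Stand-in integrity algorithm (assumption): truncated HMAC-SHA-256."""
    msg = bytes([drb]) + count.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]


class BearerSide:
    """One end (terminal or base station) of the DRBs in this model."""

    def __init__(self, k_enb: bytes, alg_id: int, drbs: Set[int], protected: Set[int]):
        self.k_enb, self.alg_id = k_enb, alg_id
        self.drbs = set(drbs)
        self.protected = set(protected)
        # A key exists before re-establishment only if some DRB already uses it.
        self.k_upint: Optional[bytes] = (
            derive_k_upint(k_enb, alg_id) if self.protected else None)
        self.suspended = False

    def start_reestablishment(self) -> None:
        # DRBs carry no data until the first reconfiguration resumes them.
        self.suspended = True

    def apply_first_reconfiguration(self, ip_enable: Dict[int, bool]) -> None:
        """ip_enable maps DRB id -> value of the IntegrityProtectionEnable element."""
        if not self.suspended:
            raise RuntimeError("this model changes integrity config only after re-establishment")
        for drb, enable in ip_enable.items():
            if drb not in self.drbs:
                raise KeyError(f"unknown DRB {drb}")
            if enable:
                self.protected.add(drb)
            else:
                self.protected.discard(drb)
        if self.protected and self.k_upint is None:
            self.k_upint = derive_k_upint(self.k_enb, self.alg_id)  # activation: obtain key
        elif not self.protected:
            self.k_upint = None  # no DRB needs integrity protection: delete the key
        # Otherwise the key obtained before re-establishment is kept as it is.
        self.suspended = False  # DRBs resume with the new configuration

    def send(self, drb: int, count: int, payload: bytes) -> bytes:
        self._check_active(drb)
        if drb in self.protected:
            return payload + compute_mac(self.k_upint, drb, count, payload)
        return payload

    def receive(self, drb: int, count: int, pdu: bytes) -> Optional[bytes]:
        """Return the payload, or None when X-MAC and MAC-I differ."""
        self._check_active(drb)
        if drb not in self.protected:
            return pdu  # nothing to verify on an unprotected bearer
        if len(pdu) < MAC_LEN:
            return None
        payload, mac_i = pdu[:-MAC_LEN], pdu[-MAC_LEN:]
        x_mac = compute_mac(self.k_upint, drb, count, payload)
        return payload if hmac.compare_digest(x_mac, mac_i) else None

    def _check_active(self, drb: int) -> None:
        if drb not in self.drbs:
            raise KeyError(f"unknown DRB {drb}")
        if self.suspended:
            raise RuntimeError("DRB suspended during re-establishment")


def run_embodiment(initial: Set[int], ip_enable: Dict[int, bool]) -> dict:
    """Drive both ends through re-establishment and the first reconfiguration."""
    k_enb = bytes(range(32))  # constructed sample key
    term = BearerSide(k_enb, 2, {1, 2, 3}, initial)
    bs = BearerSide(k_enb, 2, {1, 2, 3}, initial)
    key_before = term.k_upint
    for side in (term, bs):
        side.start_reestablishment()
        side.apply_first_reconfiguration(ip_enable)
    pdu = term.send(2, 0, b"user data")  # first packet on DRB2 after the bearers resume
    tampered = bytes([pdu[0] ^ 1]) + pdu[1:]  # one bit flipped in transit
    return {
        "key_reused": key_before is not None and term.k_upint is key_before,
        "key_deleted": term.k_upint is None,
        "pdu_len": len(pdu),
        "accepted": bs.receive(2, 0, pdu),
        "tampered": bs.receive(2, 0, tampered),
    }


if __name__ == "__main__":
    print(run_embodiment({1}, {1: True, 2: True, 3: True}))           # first embodiment
    print(run_embodiment({1, 2, 3}, {1: False, 2: False, 3: False}))  # second embodiment
```

In the second run the modified PDU is delivered unchanged to the upper layer, which is the exposure the backhaul integrity protection in the first embodiment is meant to close.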
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (11)

1. A method for realizing integrity protection, characterized by comprising:
completing radio connection re-establishment between a base station and a terminal;
the base station carrying integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notifying the terminal of it; wherein
the integrity protection configuration information is integrity protection configuration information for modifying a data radio bearer; the integrity protection configuration information comprises an integrity protection configuration for activating a data radio bearer, and/or an integrity protection configuration for deleting a data radio bearer;
when the integrity protection configuration information is to activate the integrity protection of one or more data radio bearers, the method further comprises: the terminal obtains the key for implementing user-plane integrity protection according to the integrity protection algorithm, and configures the lower layer to apply the integrity protection algorithm and the integrity protection key to the corresponding data radio bearer.
2. The method according to claim 1, characterized in that, if the terminal had implemented integrity protection on other data radio bearers before the radio connection re-establishment, the terminal continues to use the integrity protection key it had previously obtained.
3. The method according to claim 1, characterized in that, when the integrity protection configuration information is to delete the integrity protection of one or more data radio bearers, the method further comprises:
the terminal configures the lower layer to cancel integrity protection for the corresponding data radio bearer.
4. The method according to claim 3, characterized in that, if none of the data radio bearers established by the terminal needs integrity protection, the terminal deletes the obtained key for implementing user-plane integrity protection.
5. The method according to claim 1, characterized in that the integrity protection configuration for activating a data radio bearer comprises: a newly added information element, indicating whether integrity protection is activated, set to enable or activate;
the integrity protection configuration for deleting a data radio bearer comprises: the newly added information element, indicating whether integrity protection is activated, set to disable or deactivate.
6. The method according to any one of claims 1 to 5, characterized in that the terminal is a relay node (RN) or a user equipment (UE).
7. A system for realizing integrity protection, characterized by comprising at least a base station and a terminal, wherein
the base station is configured to complete radio connection re-establishment with the terminal, and to carry integrity protection configuration information in the first RRC connection reconfiguration signaling after the radio connection re-establishment and notify the terminal of it;
the terminal is configured to complete radio connection re-establishment with the base station, and to obtain the integrity protection configuration information; wherein
the integrity protection configuration information is integrity protection configuration information for modifying a data radio bearer; the integrity protection configuration information comprises an integrity protection configuration for activating a data radio bearer, and/or an integrity protection configuration for deleting a data radio bearer;
when the integrity protection configuration information is to activate the integrity protection of one or more data radio bearers, the terminal is further configured to obtain the key for implementing user-plane integrity protection according to the integrity protection algorithm, and to immediately configure the lower layer to apply the integrity protection algorithm and the integrity protection key to the corresponding data radio bearer.
8. The system according to claim 7, characterized in that, when the terminal had implemented integrity protection on other data radio bearers before the radio connection re-establishment,
the terminal is further configured to continue to use the integrity protection key it had previously obtained.
9. The system according to claim 7, characterized in that, when the integrity protection configuration information is to delete the integrity protection of one or more data radio bearers,
the terminal is further configured to configure the lower layer to cancel integrity protection for the corresponding data radio bearer.
10. The system according to claim 9, characterized in that
the terminal is further configured to delete the obtained key for implementing user-plane integrity protection.
11. The system according to any one of claims 7 to 10, characterized in that the terminal is an RN or a UE.
CN201010569422.2A 2010-12-01 2010-12-01 A kind of method and system realizing integrity protection Active CN102487507B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201010569422.2A CN102487507B (en) 2010-12-01 2010-12-01 A kind of method and system realizing integrity protection
EP11844484.3A EP2528369A4 (en) 2010-12-01 2011-04-22 Method and system for realizing integrality protection
PCT/CN2011/073188 WO2012071845A1 (en) 2010-12-01 2011-04-22 Method and system for realizing integrality protection
US13/577,430 US9055442B2 (en) 2010-12-01 2011-04-22 Method and system for realizing integrity protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010569422.2A CN102487507B (en) 2010-12-01 2010-12-01 A kind of method and system realizing integrity protection

Publications (2)

Publication Number Publication Date
CN102487507A CN102487507A (en) 2012-06-06
CN102487507B true CN102487507B (en) 2016-01-20

Family

ID=46152951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010569422.2A Active CN102487507B (en) 2010-12-01 2010-12-01 A kind of method and system realizing integrity protection

Country Status (4)

Country Link
US (1) US9055442B2 (en)
EP (1) EP2528369A4 (en)
CN (1) CN102487507B (en)
WO (1) WO2012071845A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2767778C2 (en) * 2017-08-11 2022-03-21 Хуавей Текнолоджиз Ко., Лтд. Method and device for protecting data integrity

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101831448B1 (en) 2010-02-02 2018-02-26 엘지전자 주식회사 Method of selectively applying a pdcp function in wireless communication system
US8830908B2 (en) * 2011-02-18 2014-09-09 Qualcomm Incorporated Apparatus and method for facilitating fallback access schemes
US10178657B2 (en) * 2011-12-02 2019-01-08 Innovative Sonic Corporation Method and apparatus for reconfiguring SPS (semi-persistent) operation in a wireless communication system
PL2984871T3 (en) * 2013-04-12 2021-01-11 Nokia Solutions And Networks Oy Pdcp operation for dual connection
JP5970489B2 (en) * 2014-01-30 2016-08-17 株式会社Nttドコモ Mobile communication system and mobile station apparatus
CN104936173B (en) * 2014-03-18 2022-02-25 华为技术有限公司 Key generation method, main base station, auxiliary base station and user equipment
WO2016208950A1 (en) * 2015-06-23 2016-12-29 엘지전자(주) Method for transmitting/receiving data in wireless communication system, and device for same
EP3322252B1 (en) * 2015-08-04 2019-10-09 Huawei Technologies Co., Ltd. Communication methods, network side device, and user equipment
RU2712428C2 (en) * 2015-11-02 2020-01-28 Телефонактиеболагет Лм Эрикссон (Пабл) Wireless communication
CN106851750B (en) * 2015-12-03 2020-06-30 大唐移动通信设备有限公司 Communication method, base station and system
RU2744323C2 (en) 2017-01-30 2021-03-05 Телефонактиеболагет Лм Эрикссон (Пабл) Methods for data integrity protection on the user plane
CN108633003B (en) * 2017-03-16 2021-10-01 华为技术有限公司 Resource allocation method and device and terminal equipment
PL3596953T3 (en) 2017-03-17 2023-10-09 Telefonaktiebolaget Lm Ericsson (Publ) Security solution for switching on and off security for up data between ue and ran in 5g
US10123210B2 (en) * 2017-03-17 2018-11-06 Nokia Of America Corporation System and method for dynamic activation and deactivation of user plane integrity in wireless networks
CN108810899A (en) 2017-04-28 2018-11-13 维沃移动通信有限公司 Integrality detection method, terminal and network side equipment
WO2018201506A1 (en) * 2017-05-05 2018-11-08 华为技术有限公司 Communication method and related device
CN112203281B (en) 2017-06-15 2023-07-21 维沃移动通信有限公司 Data radio bearer integrity protection configuration method, terminal and network equipment
CN109246766B (en) * 2017-06-15 2023-05-30 夏普株式会社 Wireless configuration method and corresponding user equipment
CN109246692A (en) * 2017-06-16 2019-01-18 华为技术有限公司 Connection management method, terminal and wireless access network equipment
WO2019019124A1 (en) * 2017-07-27 2019-01-31 Oppo广东移动通信有限公司 Reconfiguration method and related product
CN109391981B (en) * 2017-08-08 2021-07-06 维沃移动通信有限公司 Integrity protection method and device
CN109413005A (en) * 2017-08-17 2019-03-01 中兴通讯股份有限公司 Data stream transmitting method of controlling security and device
US11297502B2 (en) * 2017-09-08 2022-04-05 Futurewei Technologies, Inc. Method and device for negotiating security and integrity algorithms
CN109547396B (en) * 2017-09-22 2021-01-08 维沃移动通信有限公司 Integrity protection method, terminal and base station
US11129017B2 (en) * 2017-09-28 2021-09-21 Futurewei Technologies, Inc. System and method for security activation with session granularity
WO2019089543A1 (en) 2017-10-30 2019-05-09 Huawei Technologies Co., Ltd. Method and device for obtaining ue security capabilities
CN111183663A (en) * 2017-11-08 2020-05-19 Oppo广东移动通信有限公司 Integrity protection control method, network device and computer storage medium
WO2019139518A1 (en) * 2018-01-11 2019-07-18 Telefonaktiebolaget Lm Ericsson (Publ) Selective encryption of pdcp in integrated access backhaul (iab) networks
CN110035432B (en) * 2018-01-12 2020-09-11 华为技术有限公司 Integrity protection key management method and equipment
CN109644354B (en) * 2018-03-20 2021-10-26 Oppo广东移动通信有限公司 Integrity verification method, network equipment, UE and computer storage medium
CN108430070B (en) * 2018-05-30 2021-03-16 Oppo广东移动通信有限公司 Radio resource control connection method and device, and computer storage medium
CN115835198A (en) * 2018-06-14 2023-03-21 Oppo广东移动通信有限公司 Method and device for controlling security function, network equipment and terminal equipment
CN110831255B (en) * 2018-08-09 2023-05-02 大唐移动通信设备有限公司 Method for reestablishing RRC connection, base station, mobile terminal and storage medium
CN114071466A (en) * 2018-08-10 2022-02-18 华为技术有限公司 User plane integrity protection method, device and equipment
US20220030474A1 (en) * 2018-12-11 2022-01-27 Sony Group Corporation Communications device, infrastructure equipment, core network equipment and methods
CN111315039B (en) * 2018-12-24 2023-02-24 维沃移动通信有限公司 Integrity protection failure processing method and terminal
KR20220015667A (en) * 2020-07-31 2022-02-08 삼성전자주식회사 A method and an apparatus for reduing the processing burden from integrity protection and verification in the next generation wireless communication system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068436A (en) * 2007-06-08 2007-11-07 重庆重邮信科(集团)股份有限公司 Integrity protection processing method
CN101702818A (en) * 2009-11-02 2010-05-05 上海华为技术有限公司 Method, system and device of algorithm negotiation in radio link control connection re-establishment
CN101754243A (en) * 2009-12-31 2010-06-23 华为技术有限公司 Method and system for safety detection

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4384700B1 (en) * 2008-06-23 2009-12-16 株式会社エヌ・ティ・ティ・ドコモ Mobile communication method, mobile station and radio base station
US8396037B2 (en) 2008-06-23 2013-03-12 Htc Corporation Method for synchronizing PDCP operations after RRC connection re-establishment in a wireless communication system and related apparatus thereof
CN101577953B (en) * 2009-06-09 2013-01-16 中兴通讯股份有限公司 Soft handover method and system in trunking communication

Also Published As

Publication number Publication date
EP2528369A1 (en) 2012-11-28
CN102487507A (en) 2012-06-06
US20120315878A1 (en) 2012-12-13
EP2528369A4 (en) 2014-01-15
WO2012071845A1 (en) 2012-06-07
US9055442B2 (en) 2015-06-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant